Sat.May 19, 2018 - Fri.May 25, 2018


Another Spectre-Like CPU Vulnerability

Schneier on Security

Google and Microsoft researchers have disclosed another Spectre-like CPU side-channel vulnerability, called "Speculative Store Bypass." Like the others, the fix will slow the CPU down. The German tech site Heise reports that more are coming. I'm not surprised. Writing about Spectre and Meltdown in January, I predicted that we'll be seeing a lot more of these sorts of vulnerabilities.


New Pluralsight Course: Bug Bounties for Companies

Troy Hunt

Try publishing something to the internet - anything - and see how long it takes before something nasty is probing away at it. Brand new website, new domain and it's mere hours (if not minutes) before requests for wp-admin are in the logs. Yes, I know it's not a WordPress site but that doesn't matter, the bots don't care. But that's just indiscriminate scanning, nothing personal; how about deliberate and concerted attacks more specifically designed to get into your things?


Stealthy, Destructive Malware Infects Half a Million Routers

WIRED Threat Level

Cisco researchers discover a new router malware outbreak that might also be the next cyberwar attack in Ukraine.

Malware 110

Most Expensive Data Breaches Start with Third Parties: Report

Dark Reading

Data breach costs increased 24% for enterprise victims and 36% for SMBs from 2017 to 2018, researchers found.


How to Avoid Pitfalls In Automation: Keep Humans In the Loop

Speaker: Erroll Amacker

Automation is transforming finance but without strong financial oversight it can introduce more risk than reward. From missed discrepancies to strained vendor relationships, accounts payable automation needs a human touch to deliver lasting value. This session is your playbook to get automation right. We’ll explore how to balance speed with control, boost decision-making through human-machine collaboration, and unlock ROI with fewer errors, stronger fraud prevention, and smoother operations.


Font Steganography

Schneier on Security

Interesting research in steganography at the font level.


Weekly Update 88

Troy Hunt

Well it's all quietened down here with Scott gone so it's back to business as usual, which means, well, it's not very quiet at all! I've been in Sydney this week talking at one of our big banks and as I say in this week's update, getting out there amongst companies dealing with their unique cyber challenges is always interesting.


Google to Delete 'Secure' Label from HTTPS Sites

Dark Reading

Google acknowledges HTTPS as the Internet standard with plans to remove 'secure' from all HTTPS sites.


Japan's Directorate for Signals Intelligence

Schneier on Security

The Intercept has a long article on Japan's equivalent of the NSA: the Directorate for Signals Intelligence. Interesting, but nothing really surprising. The directorate has a history that dates back to the 1950s; its role is to eavesdrop on communications. But its operations remain so highly classified that the Japanese government has disclosed little about its work - even the location of its headquarters.


Communicating About Cybersecurity in Plain English

Lenny Zeltser

When cybersecurity professionals communicate with regular, non-technical people about IT and security, they often use language that virtually guarantees that the message will be ignored or misunderstood. This is often a problem for information security and privacy policies, which are written by subject-matter experts for people who lack the expertise.


You Can Send Invisible Messages With Subtle Font Tweaks

WIRED Threat Level

Researchers have developed a new technique called FontCode that hides secrets in plain sight.


Why Giant Content Libraries Do Nothing for Your Employees’ Cyber Resilience

Many cybersecurity awareness platforms offer massive content libraries, yet they fail to enhance employees’ cyber resilience. Without structured, engaging, and personalized training, employees struggle to retain and apply key cybersecurity principles. Phished.io explains why organizations should focus on interactive, scenario-based learning rather than overwhelming employees with excessive content.


How to Stop Advanced Persistent Threats

eSecurity Planet

The security professional's guide to advanced persistent threats and how to stop and prevent them.


Detecting Lies through Mouse Movements

Schneier on Security

Interesting research: "The detection of faked identity using unexpected questions and mouse dynamics," by Merylin Monaro, Luciano Gamberini, and Giuseppe Sartori. Abstract: The detection of faked identities is a major problem in security. Current memory-detection techniques cannot be used as they require prior knowledge of the respondent's true identity.


What Israel's Elite Defense Force Unit 8200 Can Teach Security about Diversity

Dark Reading

Unit 8200 doesn't follow a conventional recruiting model. Technical knowledge isn't a requirement. The unit values traits that emphasize problem-solving and interpersonal skills, and it uses hiring processes that build female leaders.


How the LAPD Uses Data to Predict Crime

WIRED Threat Level

The Los Angeles Police Department is using "predictive policing" to prevent crime, but this innovative approach has its problems.


Zero Trust Mandate: The Realities, Requirements and Roadmap

The DHS compliance audit clock is ticking on Zero Trust. Government agencies can no longer ignore or delay their Zero Trust initiatives. During this virtual panel discussion—featuring Kelly Fuller Gordon, Founder and CEO of RisX, Chris Wild, Zero Trust subject matter expert at Zermount, Inc., and Principal of Cybersecurity Practice at Eliassen Group, Trey Gannon—you’ll gain a detailed understanding of the Federal Zero Trust mandate, its requirements, milestones, and deadlines.


John Grimm, Senior Director of IoT Security Strategy, speaks to the CyberWire Podcast

Thales Cloud Protection & Licensing

John Grimm, Thales eSecurity’s Senior Director of IoT Security Strategy, recently spoke with CyberWire’s Dave Bittner about key findings and trends from Thales eSecurity’s 2018 Global Encryption Trends Study. The CyberWire is a free, community-driven cybersecurity news service based in Baltimore. A sampling of John’s comments: The lynchpin of any good encryption system is how well you protect the key.

IoT 59

Security and Human Behavior (SHB 2018)

Schneier on Security

I'm at Carnegie Mellon University, at the eleventh Workshop on Security and Human Behavior. SHB is a small invitational gathering of people studying various aspects of the human side of security, organized each year by Alessandro Acquisti, Ross Anderson, and myself. The 50 or so people in the room include psychologists, economists, computer security researchers, sociologists, political scientists, neuroscientists, designers, lawyers, philosophers, anthropologists, business school professors, and


10 Free DevOps-Friendly Security Tools Developers Will Love

Dark Reading

Start building an affordable DevSecOps automation toolchain with these free application security tools.


After Meltdown and Spectre, Another Scary Chip Flaw Emerges

WIRED Threat Level

A new processor vulnerability known as Speculative Store Bypass could expose user data on a huge swath of devices.


Prevent Data Breaches With Zero-Trust Enterprise Password Management

Keeper Security is transforming cybersecurity for people and organizations around the world. Keeper’s affordable and easy-to-use solutions are built on a foundation of zero-trust and zero-knowledge security to protect every user on every device. Our next-generation privileged access management solution deploys in minutes and seamlessly integrates with any tech stack to prevent breaches, reduce help desk costs and ensure compliance.


GDPR Will Change Security and Privacy Everywhere

eSecurity Planet

As Microsoft demonstrated this week, companies will find that having separate data protection and privacy policies for non-EU customers won't work.


Supermarket Shoplifting

Schneier on Security

The rise of self-checkout has caused a corresponding rise in shoplifting.

Scams 146

Android Malware Comes Baked into Some New Tablets, Phones

Dark Reading

Ad-loading malware is being built into the firmware and operating system of some new tablets and phones from three major manufacturers.

Malware 61

Don’t Freak Out About That Amazon Alexa Eavesdropping Situation

WIRED Threat Level

You should certainly understand the risks of having a smart speaker in your home, but there’s a perfectly good explanation for how that rogue message might have gotten sent.

Risk 102

Next-Level Fraud Prevention: Strategies for Today’s Threat Landscape

Speaker: Sierre Lindgren

Fraud is a battle that every organization must face – it’s no longer a question of “if” but “when.” Every organization is a potential target for fraud, and the finance department is often the bullseye. From cleverly disguised emails to fraudulent payment requests, the tactics of cybercriminals are advancing rapidly. Drawing insights from real-world cases and industry expertise, we’ll explore the vulnerabilities in your processes and how to fortify them effectively.


Attackers Cashing In On Cryptocurrency With Increased Scams

Threatpost

As the popularity around cryptocurrency has continued to rise in 2018, it has also paved an easy path for cash-hungry scammers to launch “cryptocurrency giveaway scams.”


Ransomware: An Enterprise Perspective

Thales Cloud Protection & Licensing

In 2016, I provided predictions in an article entitled The (Immediate) Future of Ransomware. I indicated ransomware was going to grow and find other vectors for infection outside of simply malware links. Those predictions came true on a massive scale, in particular with the WannaCry and Petya outbreaks, driven by system vulnerability vectors just as I foresaw.


6 Steps for Applying Data Science to Security

Dark Reading

Two experts share their data science know-how in a tutorial focusing on internal DNS query analysis.

DNS 59

‘Significant’ FBI Error Reignites Data Encryption Debate

WIRED Threat Level

FBI stats about inaccessible cellphones were inflated, undermining already controversial bureau claims about the threat of encryption.


Optimizing The Modern Developer Experience with Coder

Many software teams have migrated their testing and production workloads to the cloud, yet development environments often remain tied to outdated local setups, limiting efficiency and growth. This is where Coder comes in. In our 101 Coder webinar, you’ll explore how cloud-based development environments can unlock new levels of productivity. Discover how to transition from local setups to a secure, cloud-powered ecosystem with ease.


VPNFilter Malware Infects 500k Routers Including Linksys, MikroTik, NETGEAR

Threatpost

Researchers warn of malware infecting 500,000 popular routers in a campaign mostly targeting the Ukraine, but also 54 other countries.

Malware 50

Highlights from Cloud Expo Asia Hong Kong 2018

Thales Cloud Protection & Licensing

The rules of risk taking. What kind of person are you? Are you a risk taker or someone who likes to play it safe? Is your organization one that takes risk, or is it risk averse? Let’s take digital transformation, for example. Most organizations want to embrace it, but feel constricted due to data privacy concerns and compliance regulations. However, companies that can’t or won’t find a path forward run the risk (pun intended!


Bridging the Cybersecurity Talent Gap

Dark Reading

There's no one surefire way of fixing the problem, which endangers everyone's security. There are, however, several options we should try.


Facebook Is Beefing Up Its Two-Factor Authentication

WIRED Threat Level

The update, now available to most users, comes several months after Facebook was criticized for spamming users' two-factor authentication phone numbers.


The Tumultuous IT Landscape Is Making Hiring More Difficult

After a year of sporadic hiring and uncertain investment areas, tech leaders are scrambling to figure out what’s next. This whitepaper reveals how tech leaders are hiring and investing for the future. Download today to learn more!